From 24ea6500cc5285aac7f02df7f535ea10f8f97729 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Fri, 4 Mar 2011 20:29:24 +0100
Subject: [PATCH] check manager/admin role earlier for admin plugins FS#2180
---
inc/actions.php | 12 ++++++++++--
inc/template.php | 11 +++--------
2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/inc/actions.php b/inc/actions.php
index 321d928b3..fa11bb7f1 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -18,6 +18,7 @@ if(!defined('DOKU_INC')) die('meh.');
function act_dispatch(){
global $ACT;
global $ID;
+ global $INFO;
global $QUERY;
global $lang;
global $conf;
@@ -134,8 +135,15 @@ function act_dispatch(){
$pluginlist = plugin_list('admin');
if (in_array($_REQUEST['page'], $pluginlist)) {
// attempt to load the plugin
- if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null)
- $plugin->handle();
+ if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null){
+ if($plugin->forAdminOnly() && !$INFO['isadmin']){
+ // a manager tried to load a plugin that's for admins only
+ unset($_REQUEST['page']);
+ msg('For admins only',-1);
+ }else{
+ $plugin->handle();
+ }
+ }
}
}
}
diff --git a/inc/template.php b/inc/template.php
index d29e3e779..0f0fb92a0 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -209,14 +209,9 @@ function tpl_admin(){
}
if ($plugin !== null){
- if($plugin->forAdminOnly() && !$INFO['isadmin']){
- msg('For admins only',-1);
- html_admin();
- }else{
- if(!is_array($TOC)) $TOC = $plugin->getTOC(); //if TOC wasn't requested yet
- if($INFO['prependTOC']) tpl_toc();
- $plugin->html();
- }
+ if(!is_array($TOC)) $TOC = $plugin->getTOC(); //if TOC wasn't requested yet
+ if($INFO['prependTOC']) tpl_toc();
+ $plugin->html();
}else{
html_admin();
}
--
GitLab